Java tips, observations, bugs and problems from the world of Spring, Weblogic, Oracle, MySQL and many other technologies...

Tuesday, 26 June 2012

The OAuth Administration Steps

In my last blog I summarised the point of OAuth as the need for your application to get hold of an Access Token so that it can access your user’s private data from a Software as a Service (SaaS) provider’s website such as Twitter or Facebook without the need for your users to give your application their credentials.

This blog takes a look at the setup steps necessary for this hypothetical application to become OAuth compliant. When I say “setup steps”, at this stage I’m merely talking about a boring administration step that you must complete, but don’t worry, as there isn’t that much to it.

Before you can get hold of that prized Access Token, you have to get the SaaS provider, such as Twitter, to give your app permission to request the token from its OAuth server. To do this you need to:

1. Set up a user account with the SaaS provider. Most people already have their own Twitter, Facebook or Sina Weibo account, but in this case you generally need to create one on behalf of your company or client.

2. Once you have an account, you need to go to the appropriate page and find the link that usually says something like “Create new App”. Although it’s not usually put in these terms, what you’re actually doing is registering your application as a user of the SaaS provider’s OAuth service, and what you get in return is something like a user name and password for your app. The application’s username is generally referred to as a key whilst its password is referred to as a secret; however, different SaaS providers use slightly different names. For example: Facebook calls them the App ID / App Key and App Secret; Twitter calls them the Consumer Key and Consumer Secret; and Sina Weibo calls them the App Key and App Secret.

What do app keys and secrets look like? In reality, they’re just simple strings, for example the app key and secret for the Spring Social Demos are: